Monday, June 29, 2015

ZERO day fix for Adobe Flash Player

Adobe systems has released an out-of-cycle security patch to fix critical zero-day flaw in a Flash plugin that could allow remote code execution on a compromised system. According to advisory, this critical issue is covered in CVE-2015-3113 and affects Flash Player 18.0.0.161 and earlier versions on Windows and Mac, and version 11.2.202.466 and earlier releases on Linux. Adobe credits FireEye security researchers for finding it which was exploited in a phishing campaign. IE for Windows 7 and earlier along with Firefox on Windows XP are considered prime targets. However, Chrome users has not found with such attacks. Company urges users to apply the patch on earliest basis. <more>